Police Oracle announced that Commissioner of the City of London Police Adrian Leppard has announced his retirement. Will this come in to effect before the Investigatory Powers Bill is scrutinised by Parliament in the autumn ?
City of London Police are supposed to be the UK National Policing lead for preventing economic crimes. They run two controversial private industry funded national units Police Intellectual Property Crime Unit (PIPCU) dealing with "intellectual property" and counterfeit goods and the
Dedicated Cheque and Plastic Crime Unit (DCPCU)
It is therefore very peculiar that Commissioner Adrian Leppard should put his name to this New York Times Op Ed article, attacking Apple and Google mobile phone handset encryption. How many billions of pounds of UK economic secrets are protected by such
encryption on mobile phones belonging to City of London financial industry workers ?
Commissioner Leppard should be collecting hard evidence of the numbers and types of of mobile phones his officers have actually seized as evidence and the numbers reported lost or stolen, with and without strong encryption enabled (N.B. only recent versions of Android can do this and the feature is not switched on by default)
so that he can inform the Investigatory Powers Bill scrutiny with some facts rather than cherry picked handwaving examples, which is the usual inadequate or deliberately deceitful Home Office and Police
Don't hold your breath though, as Commissioner Leppard is seemingly ignorant of some of the basics of today's internet protocols
UK Police: Enforcement won't work against a piracy
When Phone Encryption Blocks Justice
By CYRUS R. VANCE Jr., FRANÇOIS MOLINS, ADRIAN LEPPARD and JAVIER ZARAGOZAAUG. 11, 2015
Cyrus Vance Jr. , clearly the main author of this article, is the son of the Washington political insider Cyrus Vance who is associated with several US Foreign Policy disasters such as the end of the Vietnam war and the Iran hostage crisis.
Like previous New York public prosecutors (these are political appointments), he may well be trying to stir up political support for a future political career, like Rudy Guiliani
In June, a father of six was shot dead on a Monday afternoon in Evanston, Ill., a suburb 10 miles north of Chicago. The Evanston police believe that the victim, Ray C. Owens, had also been robbed. There were no witnesses to his killing, and no surveillance footage either.
With a killer on the loose and few leads at their disposal, investigators in Cook County, which includes Evanston, were encouraged when they found two smartphones alongside the body of the deceased: an iPhone 6 running on Apple's iOS 8 operating system, and a Samsung Galaxy S6 Edge running on Google's Android operating system. Both devices were passcode protected.
An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not -- because they did not know the user's passcode.
The homicide remains unsolved. The killer remains at large.
Until very recently, this situation would not have occurred.
Last September, Apple and Google, whose operating systems are used in 96 percent of smartphones worldwide, announced that they had re-engineered their software with "full-disk" encryption, and could no longer unlock their own products as a result.
According to Apple's website: "On devices running iOS 8.0 ... Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user's passcode, which Apple does not possess."
A Google spokeswoman said, "Keys are not stored off of the device, so they cannot be shared with law enforcement."
Now, on behalf of crime victims the world over, we are asking whether this encryption is truly worth the cost.
Not only is this strong encryption worth the cost, there should, in fact be much more of it, switched on by default.
Between October and June, 74 iPhones running the iOS 8 operating system could not be accessed by investigators for the Manhattan district attorney's office -- despite judicial warrants to search the devices. The investigations that were disrupted include the attempted murder of three individuals, the repeated sexual abuse of a child, a continuing sex trafficking ring and numerous assaults and robberies.
Criminal defendants have caught on. Recently, a suspect in a Manhattan felony, speaking on a recorded jailhouse call, noted that "Apple and Google came out with these softwares" that the police cannot easily unlock.
Apple, Google and other proponents of full-disk encryption have offered several rationales for this new encryption technology. They have portrayed the new policy as a response to the concerns raised by Edward J. Snowden about data collection by the National Security Agency. They say full-disk encryption makes devices generally more secure from cybercrime. And they assert that, if the companies had master encryption keys, then repressive governments could exploit the keys.
These reasons should not be accepted at face value. The new Apple encryption would not have prevented the N.S.A.'s mass collection of phone-call data or the interception of telecommunications, as revealed by Mr. Snowden. There is no evidence that it would address institutional data breaches or the use of malware. And we are not talking about violating civil liberties -- we are talking about the ability to unlock phones pursuant to lawful, transparent judicial orders.
The NSA is not the only threat to privacy and security, how would Vance & his co-signatories protect our privacy and financial information from criminals and terrorists and hostile foreign intelligence agencies who may steal or access such secrets held on mobile phone handsets ?
In the United States, Britain, France, Spain and other democratic societies, the legal system gives local law enforcement agencies access to places where criminals hide evidence, including their homes, car trunks, storage facilities, computers and digital networks.
Carved into the bedrock of each of these laws is a balance between the privacy rights of individuals and the public safety rights of their communities. For our investigators to conduct searches in any of our jurisdictions, a local judge or commissioner must decide whether good cause exists. None of our agencies engage in bulk data collection or other secretive practices. We engage in targeted requests for information, authorized after an impartial, judicial determination of good cause, in which both proportionality and necessity are tested.
Nonsense. There is is no independent judicial warrant involved in most UK mobile phone handset searches or seizures - these are self authorised by the UK police themsleves.
It is this workable balance that proscribes the operations of local law enforcement in our cities, and guides our residents in developing their expectations of privacy. But in the absence of laws that keep pace with technology, we have enabled two Silicon Valley technology companies to upset that balance fundamentally.
The Evanston case is just one example. In France, smartphone data was vital to the swift investigation of the Charlie Hebdo terrorist attacks in January, and the deadly attack on a gas facility at Saint-Quentin-Fallavier, near Lyon, in June. And on a daily basis, our agencies rely on evidence lawfully retrieved from smartphones to fight sex crimes, child abuse, cybercrime, robberies or homicides.
Note the weasel words "smartphone data" - this is not SmartPhone handset encrypted data held on the internal or external microSD card or in the local address book or locally saved SMS message which is what the rest of this article is talking about.
Over the air SmartPhone metadata may have been used in the hunt for the Charlie Hebdo murderers (who brazenly called TV news stations whilst on the run), but there are no reports of any mobile phone handset encryption being used at all.
The murderers had been under full telephone monitoring and intercept for months previously, with nothing to alert the authorities.
It turns out the wives of the murderers had been in contact with each other hundreds of times, but the murderers themselves had stuck to face to face meetings.
Full-disk encryption significantly limits our capacity to investigate these crimes and severely undermines our efficiency in the fight against terrorism. Why should we permit criminal activity to thrive in a medium unavailable to law enforcement? To investigate these cases without smartphone data is to proceed with one hand tied behind our backs.
Nonsense. None of the Mobile Phone network generated calling pattern or physical location metadata is affected by "full disk encryption" - none of it is actually stored on the SmartPhone handset anyway. This is all accessible to law enforcement with a judicial warrant, or, in the UK, without one at all.
The new encryption policies of Apple and Google have made it harder to protect people from crime. We support the privacy rights of individuals. But in the absence of cooperation from Apple and Google, regulators and lawmakers in our nations must now find an appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes. The safety of our communities depends on it.
Cyrus R. Vance Jr. is the Manhattan district attorney. François Molins is the Paris chief prosecutor. Adrian Leppard is the commissioner of the City of London Police. Javier Zaragoza is the chief prosecutor of the High Court of Spain.